Comments on Securing OpenVPN With A One Time Password (OTP) On Ubuntu

Securing OpenVPN With A One Time Password (OTP) On Ubuntu

So, you got yourself a nice OpenVPN box. People need to log in with their certificates but... if their laptop is stolen anyone could log in. Sure, you could add password login but that's a bit outdated. The solution for this is using an OTP (one time password).

Comments

By: Anonymous

Excellent information... Is there a way I can have two openvpn servers, one OTP enabled openvpn server and a non-OTP openvpn server simultaneously? I have notebooks and unattended headless servers connecting...

By: Hugo

Sure, just create an additional openvpn server on a different IP and/or port.

By: Anonymous

Hi,

hg repo not found! (404)

  cd /tmp && hg clone https://google-authenticator.googlecode.com/hg/ google-authenticator && cd libpam
abort: HTTP Error 404: Not Found

They moved the repo??

 Thx:

 Curt

By: Anonymous

I'm having the same problem. HTTP 404 not found

By: Anonymous

Google authenticator is now in the Ubuntu apt repositories, so this should do the trick:

 sudo aptitude install libpam-google-authenticator

By: Stan

Hello,

great tutorial, however, I'm getting the error:

root@XXXXXXXXX:/etc/openvpn# AUTH-PAM: BACKGROUND: user 'root' failed to authenticate: Cannot make/remove an entry for the specified session

 

By: pklaus

Yeah, I'm getting this problem as well but not for root (works!) but for a user with a different home directory (without full access to his home). So the .google_authenticator file in the home dir is only readable/writable by this user but he can't authenticate... Check the permissions etc. of the .google_authenticator file. And check the content of /var/log/auth.log.

Regards, Philipp
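
The permission check suggested in the comment above, written out as an added example that is not part of the original thread or tutorial. It assumes GNU `stat` (as on Ubuntu) and assumes the secret file must be a regular file owned by the authenticating user, readable by that owner, with no group or other permission bits; the function name `check_secret` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial or the thread.
# Assumptions: GNU stat (as on Ubuntu); the secret file should be a regular
# file, owned by the authenticating user, owner-readable, with no group or
# other permission bits.

# check_secret FILE EXPECTED_UID
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_secret() {
    file=$1
    want_uid=$2
    rc=0
    # A symlink or a missing file is reported before any stat call.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 1
    fi
    uid=$(stat -c '%u' "$file")    # numeric owner
    mode=$(stat -c '%a' "$file")   # octal permission bits, e.g. 600
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file owned by uid $uid, expected $want_uid"
        rc=1
    fi
    if [ $(( 0$mode & 0400 )) -eq 0 ]; then
        echo "FAIL: $file mode $mode is not readable by its owner"
        rc=1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode grants group/other access"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file (uid $uid, mode $mode)"
    fi
    return "$rc"
}

# When run as: sh check_secret.sh USER, audit that user's secret file.
if [ -n "${1:-}" ]; then
    home=$(getent passwd "$1" | cut -d: -f6)
    check_secret "$home/.google_authenticator" "$(id -u "$1")"
fi
```

Read any FAIL line together with the PAM messages for the same login attempt in /var/log/auth.log.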

By: Anonymous

There is an alternate Two-factor Authentication system called Taferno on sourceforge.net (taferno.sourceforge.net)

It provides TFA and multi-layer security for OpenVPN, OpenSSH and Web Single Sign On

By: Evgeny Gridasov

I've just finished working on a native OTP plugin for OpenVPN. Check it out: https://github.com/evgeny-gridasov/openvpn-otp

By: moham

"We're finished with the PAM config. Obviously you can make it a lot more complex, for example by adding IP restrictions (no OTP on trusted IPS) or adding more security."

Do you have an example of this? Thanks!